🛡️ SecOSS

Container Image Vulnerability Scanner

Scan every package in a Docker image via Syft or Trivy SBOM — no Docker daemon needed

Container images bundle hundreds of OS packages and language libraries that may carry known CVEs. SecOSS scans a Software Bill of Materials (SBOM) generated from any Docker image to find every vulnerable package across all image layers — no Docker daemon required and no image pull needed on your end.

How to use

  1. Generate an SBOM from your image with Syft: syft your-image:tag -o json > sbom.json — or with Trivy: trivy image --format json your-image:tag > sbom.json
  2. Upload the JSON file to SecOSS using the file picker.
  3. SecOSS parses the SBOM and cross-references every OS and language package against OSV.dev and NVD.
  4. Review vulnerabilities across all container layers — sorted by severity with fix versions where available.
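As an added illustration of step 3, not SecOSS's own code: parse a Syft JSON SBOM, build the OSV.dev batch query for every package that has a purl, and join the response back onto the packages. The SBOM fragment, the response and the vulnerability ids below are constructed placeholders.

```python
import json

# Constructed Syft-style SBOM fragment for illustration, not output of a real scan.
# Syft's JSON lists packages under "artifacts", each with name/version/type/purl.
SAMPLE_SBOM = json.dumps({"artifacts": [
    {"name": "openssl", "version": "1.1.1n-0+deb11u3", "type": "deb",
     "purl": "pkg:deb/debian/openssl@1.1.1n-0%2Bdeb11u3?distro=debian-11"},
    {"name": "requests", "version": "2.25.1", "type": "python",
     "purl": "pkg:pypi/requests@2.25.1"},
    {"name": "requests", "version": "2.25.1", "type": "python",  # same package, second layer
     "purl": "pkg:pypi/requests@2.25.1"},
    {"name": "helper", "version": "0.1", "type": "binary"},       # no purl: cannot be queried
]})

def extract_packages(sbom_json):
    """Return one entry per distinct package in a Syft JSON SBOM.
    A package present in several layers collapses to a single query."""
    packages, seen = [], set()
    for art in json.loads(sbom_json).get("artifacts", []):
        key = art.get("purl") or (art["type"], art["name"], art["version"])
        if key in seen:
            continue
        seen.add(key)
        packages.append({"name": art["name"], "version": art["version"],
                         "purl": art.get("purl")})
    return packages

def build_osv_querybatch(packages):
    """Request body for POST https://api.osv.dev/v1/querybatch.
    The purl already carries the version, so no separate 'version' field is sent.
    Packages without a purl are left out and should be reported as unscanned."""
    return {"queries": [{"package": {"purl": p["purl"]}}
                        for p in packages if p["purl"]]}

def match_results(packages, response):
    """Join an OSV querybatch response onto the queried packages.
    results[i] corresponds to queries[i]; querybatch returns only vuln ids, so
    severity and fixed versions need a follow-up GET /v1/vulns/{id}."""
    queried = [p for p in packages if p["purl"]]
    findings = {}
    for pkg, result in zip(queried, response.get("results", [])):
        ids = sorted(v["id"] for v in result.get("vulns", []))
        if ids:
            findings[pkg["purl"]] = ids
    return findings

# Constructed response in querybatch shape; the id is a placeholder, not a real advisory.
SAMPLE_RESPONSE = {"results": [
    {"vulns": [{"id": "PLACEHOLDER-OPENSSL-1", "modified": "2024-01-01T00:00:00Z"}]},
    {"vulns": []}]}
```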

Generate an SBOM first

Syft:   syft <image> -o json > sbom.json
Docker: docker sbom --format spdx-json <image> > sbom.json
Trivy:  trivy image --format json -o sbom.json <image>